Last Updated: May 11, 2017
The purpose of this privacy statement is to explain, as transparently as possible, how Diligent Corporation and its affiliates (collectively “Diligent” or “us”) use and disclose the information we collect via our Services. We pride ourselves on providing award-winning customer service, but in order to do that, we need to be able to transfer names and contact information about our users globally. This allows us to easily identify callers to our support line, so that we can provide the around-the-clock, 24/7/365 service that our customers have come to expect. While we are required to provide the following legal disclosures, please note that all of our customer support personnel are Diligent employees and that we never use subcontractors to provide customer support. Also, this privacy statement does not apply to the contents of board materials that we store on behalf of our clients. Those materials are protected in accordance with our security policies and are only hosted in our dedicated hosting facilities in the United States, Canada and Germany. European clients may opt to have their Diligent Boards sites hosted solely in Germany. Due to the stringent and proprietary nature of our security systems, the details of the security policies that protect clients’ documents are only provided to our customers. Please contact your customer success team if you would like more documentation on our security protocols for protecting clients’ documents, or if you’d like to speak to a member of our security team.
For the purposes of this privacy statement, “Services” includes: www.diligent.com and go.boardbooks.com contact information associated with our board portal service (“Diligent Boards”), and all associated services and applications to the Website and Diligent Boards, such as our iPad application, Windows application and desktop smart client. This privacy statement does not apply to our practices on other websites or offline.
The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Diligent.
Registration Information. You or your company must have a current subscription to register for and access our Services. We will collect your name, company name, email address and other contact information, as well as a login that we will generate for you when you register to access our Services. We may also collect other optional information.
Services. We use the information we collect to provide our Services, respond to user requests, provide technical and customer support, administer our business, improve the Services, and comply with legal obligations.
Website. When you browse our Website or use the Services we may automatically collect technical information such as your IP address, clickstream information and log files (as noted below). To use our Services, you will be required to register as a user.
Marketing. We may also send marketing emails and newsletters to you from time-to-time, unless you have opted out. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, or you can contact us here.
Application Users. When using one of our applications we may collect your device ID; IP Address and language information; device name and model; operating system type, name, and version; and certain other information. We do not track location-based information from your device.
Log Files. We use your IP address and other standard log file information to help diagnose problems with our servers, and to administer our Website and Services. We also collect information about how you utilize our Website and Services, such as IP addresses, browser types (such as Internet Explorer or Google Chrome), referring pages and pages visited and store it in log files. We use this information (a) to analyze web page traffic patterns and the use of our Services, (b) to administer our Website and servers, and (c) to provide and improve our Services. We do not link this automatically collected data to other information we collect about you.
Sensitive Personal Data. We do not require nor ask for sensitive personal data such as medical information, race/ethnicity, political opinions or sexuality.
Sharing With Third Parties
Except as expressly permitted by our service agreement with you, we will never provide confidential material stored within our Boards or Teams app to any third party. Additionally, we will never sell your personal contact information to third parties for any reason. We will only transmit personal contact information to third parties in the ways that are described in this privacy statement.
We may transmit your personal and contact information to companies that provide services to help us with our business activities such as offering customer service. These companies are not authorized to use your personal information except to help Diligent provide these services to our customers.
We may also disclose your personal information:
- to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this privacy statement;
- In certain situations, Diligent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- as required by law, such as to comply with a subpoena, similar legal process, or as requested by courts and law enforcement agencies with jurisdiction over Diligent;
- when we believe in good faith that disclosure is necessary to protect our rights, as evidence in litigation in which we are involved, to protect your safety or the safety of others, investigate fraud, or respond to a government request;
- to any other third party with your prior written consent to do so;
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
- Address information about you from third party sources, such as the U.S. Postal Service, to verify your address so we can properly ship your order to you and to prevent fraud; and
- Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.
Data Collected from or for our Clients
Diligent collects information under the direction of those entities with whom it has entered into a contractual relationship for the provision of Diligent Boards (its “Clients”), and has no direct relationship with the individuals whose personal data it processes on behalf of its Clients. We will process such data as directed by our Clients; our Clients’ use and disclosure of the personal data they submit to us and these Services are not subject to this privacy statement. If you are using Diligent Boards on behalf of one of our Clients and would no longer like to be contacted by the Client that uses our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are controlled by confidentiality obligations that are similar to those in the service agreements with our Clients.
As noted, Diligent has no direct relationship with the individuals whose personal data it processes on behalf of its Clients. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Diligent’s Client (the data controller). If a Client requests Diligent to amend or remove the data, we comply with such requests in accordance with the contractual relationship we have with the relevant Client and we will respond to their request within 30 days.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Diligent will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here ). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information.
Various browsers may offer their own management tools for removing HTML5 LSOs.
Personal information (such as names, email addresses, and phone numbers) collected through the Services may be transferred to and processed by Diligent and its affiliates, business partners, and service providers located in other countries, including the United States, United Kingdom, Germany, New Zealand, Canada, Australia, Hong Kong and Singapore, some of which may not offer the same or equivalent legal protection for your personal data as your home country.
We will always strive to adopt appropriate standards of privacy protection, wherever your information is located and adopt appropriate measures (consistent with locally applicable privacy laws) to secure an adequate level of privacy protection.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Diligent and its subsidiary company(ies) Diligent Board Member Services NZ Limited, Diligent Boardbooks Limited, Diligent APAC Board Services Pte. Ltd., Diligent Board Services Australia Pty. Ltd., Diligent APAC Limited and Diligent Boardbooks GmbH participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Diligent is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
Diligent is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Diligent complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Diligent is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Diligent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Links to Other Sites
Diligent is not responsible for the privacy practices or the content of any sites that our Website or the Services may provide links to.
Social Media Widgets
Our website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
Access to Personal Information
Upon request, Diligent will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please email us at firstname.lastname@example.org.
If your personal information changes, or if you no longer desire to use our Services, you may correct, update, amend, delete/remove, ask to have it removed from a testimonial or deactivate much of your information by making the change on our member information page, or by contacting us by telephone, or via email, or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We post customer testimonials/comments/reviews on our Website which may contain personal information. We do obtain the customer’s written consent prior to posting the testimonial to post their name along with their testimonial. If you post a comment or other content to a public area of our Website or Services, that comment may be viewed by other users, as well as visitors to our Website, and we cannot prevent that content from being used in a manner that violates this privacy statement.
The security of your personal information and our Clients’ information is important to us. When you enter sensitive information (such as log-in credentials for users of Diligent Boards), we encrypt the transmission of that information using secure socket layer technology (SSL)/transport layer security technology (TLS). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website or Services, our personnel can put you into contact with our Security Department.
Revisions to This Statement
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Website, prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have any questions about this privacy and security statement, the practices of this Website, or your dealings with this Website, please contact us via email or mail us at Contracts Department, Diligent Corporation, 1385 Broadway, 19th Floor, New York, NY 10018.